The Marine Transportation System (MTS) continues to be targeted by typosquatting campaigns operated by cyber criminals. In March 2022, Coast Guard Cyber Command published Maritime Cyber Alert 01-22: Spoofed business websites, highlighting well-constructed fake websites masquerading as legitimate business websites to steal information and potentially install malware. Malicious cyber actors continue to spoof U.S. port facility domains using typosquatting techniques in attempts to redirect users to malicious websites that have similar domain names. Malicious cyber actors are not directly targeting port facilities; rather, they are targeting individuals who incorrectly type a website address. Misspellings of several U.S. port facility domains have recently been registered, likely for malicious purposes. These events have been analyzed and investigated, and the following are recommendations for MTS stakeholders:
Mitigate the Opportunity for Attacks
Typosquatting Deterrence - Organizations may intentionally register similar domains to their own to deter adversaries from creating typosquatting domains. Other facets of this technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls.
Detection Methods - Consider use of services that may aid in tracking of newly acquired domains, such as WHOIS databases and/or passive DNS. In some cases it may be possible to pivot on known pieces of domain registration information to uncover other infrastructure purchased by the adversary. Consider monitoring for domains created with a similar structure to your own, including under a different TLD.
Untrusted Traffic - Treat all traffic transiting your network – especially third-party traffic – as untrusted until it is validated as being legitimate.
Third-Party Links - Avoid clicking on links from third parties. Where possible, enter the correct address of the respective website manually in your browser or open it via your bookmarks.
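One way to apply the Detection Methods recommendation above, as an added example that is not part of the original alert or any Coast Guard tooling: compare a feed of newly observed domains against your own and flag same-name registrations under another TLD, digit or hyphen variants, and small edit distances. The domain names, the feed list, and the function names are constructed for illustration, and the code assumes simple name.tld domains.

```python
# Added example; every domain below is constructed and uses a reserved TLD.

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    # rows[i][j] = distance between a[:i] and b[:j]; border cells hold i or j.
    rows = [[i or j for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]

# Fold common digit-for-letter swaps and drop hyphens before comparing names.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})

def split_domain(domain: str):
    """Assumes simple 'name.tld' domains; no public-suffix handling."""
    name, _, tld = domain.lower().rstrip(".").partition(".")
    return name, tld

def classify(candidate: str, own: str, max_distance: int = 2):
    """Return a reason string if candidate resembles own, else None."""
    own_name, own_tld = split_domain(own)
    name, tld = split_domain(candidate)
    if (name, tld) == (own_name, own_tld):
        return None  # our own domain, nothing to flag
    if name == own_name:
        return "same name, different TLD"
    if name.translate(LOOKALIKES) == own_name.translate(LOOKALIKES):
        return "digit or hyphen variant"
    distance = osa_distance(name, own_name)
    if distance <= max_distance:
        return f"edit distance {distance}"
    return None

OWN = "harborport.example"  # constructed stand-in for your organization's domain
NEWLY_OBSERVED = ["harborprot.example", "harborport.test", "harbor-port.example",
                  "harb0rport.example", "weatherdata.example"]  # constructed feed

def review(feed, own=OWN):
    """Map each flagged domain in the feed to the reason it was flagged."""
    return {d: r for d in feed if (r := classify(d, own))}

if __name__ == "__main__":
    for domain, reason in review(NEWLY_OBSERVED).items():
        print(f"{domain}: {reason}")
```

In practice the feed would come from the WHOIS or passive DNS services mentioned above, and flagged names would go to an analyst for review.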
Consider reporting the event to your local Coast Guard Captain of the Port or the Coast Guard Cyber Command 24×7 watch at 202-372-2904 or CyberWatch@uscg.mil. Your willingness to comply and report in a timely manner helps the U.S. respond quickly and effectively and makes the maritime critical infrastructure more secure.
This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official publications, such as the Federal Register, Homeport and the Code of Federal Regulations. These publications remain the official source for regulatory information published by the Coast Guard.